Alert! "System Tool" Computer invasion!


A few moments ago, while peeking at ESPN.com in order to read a bit on the basketball tournaments, on multiple monitors I suddenly got a display from "System Tool 2011" telling me I had all kinds of trojans, viruses, and other stuff that smells bad on my computer, and the only way to get rid of them was to purchase their program. It took complete control of my computer and nothing I could do let me regain access to other programs, or have control of the computer any longer. Internet access through my browser was also blocked, as well as Windows Task Mgr. I also could find no way to close System Tool.

Thanks to a Google search on another computer, I found multiple posts relative to this incursion, and the recommendation was to try a previous restore point in safe mode. Going to yesterday's, this worked (Win XP Pro). If anyone else should be invaded by this outsider, give a restore point a try (in safe mode). I also sent an email to the FBI IC3 division relating this incident.

I implement ESET Smart Security 4 (NOD32) for my Antivirus, Antispyware, Firewall, and Antispam protection. However, when flying on FS, I usually disable the Firewall due to blockage between some Simconnect and/or WideClient programs. I had failed to restore the firewall while on the ESPN site. Whether this had anything to do with it or not I do not know. The invasion may have bypassed all provisions anyway.

Respectfully,
RTH


I too have had the same problem with this. I managed to use System Restore and all seemed OK. My son also got zapped with this; at the time both of us had AV etc. on, both using different AVs and malware tools. Nothing picked this one up.

Regards, Richard.


Thanks for the heads up! FYI, I have all my computers set up to create an automatic restore point once a day at initial boot-up. (RPs are an utter nightmare on Windows 7!) I have a script written for it if anyone's interested.

EDIT: ADMINS: Can you tell me why I might keep getting double posts from the OP (and only a few others)?


I had one of those nasty "drive-by downloads/attacks" last year. It happened to be under the same alias as the OP's. I was listening to music with friends on spring break at Grooveshark.com and let out a bunch of expletives when the faux message appeared. Had to reformat as I had no backup point created... Learned my lesson.


:( Not a good idea. If something doesn't work because of your firewall, set up some specific rules for those programs, but don't turn it off completely.

Apart from a good firewall/anti-virus combo, I also still use SpywareBlaster's and Spybot's immunization features. Can't say I've had any problems, ever.


I use NoScript & flashblocker in Firefox, in addition to the firewall (ZoneAlarm plus the router's inbuilt firewall) & antivirus (Avast). This does make for some inconvenience, since you have to manually authorise the browser if a website wants to run even perfectly innocent scripts (although you can give a permanent OK to any site you want to, such as this one), but it does stop rogue ads downloading malware such as those phony anti-virus scripts.

I also use Spybot S&D, and run Malwarebytes regularly. I've only had a problem once in fifteen years of online activity, and that was before installing NoScript.


I also have had to endure this same kind of crap a couple of times in the last year. I use IE8 and Firefox. I use the default firewall, ESET NOD32 AV and Spybot Search and Destroy. I don't use System Restore, so here is/was my fix.

As soon as I saw the notification or warning I pulled the plug, so to speak, shutting down the computer without using the Windows interface. I restart my computer in safe mode and run Spybot. So far it has been good at finding these invasions. Before I allow it to remove the stuff I make a note of registry locations and the executable file(s). I then allow Spybot to do its thing.

Next, while still in safe mode, I go to Documents and Settings\<my user name>\ and delete everything in the Recent folder, then go to the Local Settings folder and delete everything in the Temp folder. While in the Local Settings folder I also check the Application Data subfolder for anything that doesn't seem to belong. If I find anything there I create a "temp crap" folder on the desktop and send all the junk there. Next I zip the temp crap folder, delete the uncompressed version and clean the recycle bin. I also repeat this for All Users, Default User and Administrator, if necessary. I then send the temp crap zip(s) to the recycle bin. Next I check all Startup locations for the offending stuff and delete it if found. Last, I go to the \Windows\Temp folder and delete all contents.

I restart and run a registry cleaner. Run the AV and rerun Spybot. If everything is clean and functioning properly I empty the recycle bin to get rid of any temp crap zip(s). One last step is to either use Spybot or Start > Run, open "msconfig" and on the System Configuration Utility Startup tab make sure nothing unwanted is checked. If you do find something then you can use the supplied information to track it down and kill it. So far this process has been 100% successful.

I almost forgot: I have had to check and reset my IE8 and Firefox settings, and in one case my ethernet card settings as well. I hope this helps anyone who chooses not to use System Restore, since it is a resource hog.

Regards to all,
Mel
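A read-only PowerShell version of the autostart and temp-folder checks Mel walks through above, added here as an example; it is not Mel's script and not anything from AVSIM. It assumes Windows PowerShell 5.1 in an elevated session, uses only the standard Windows Run/RunOnce/Winlogon keys and Startup folders, and the three-day window is an arbitrary choice.

```powershell
# Added triage script: lists autostart entries and recently created executables
# so they can be cross-checked against the msconfig Startup tab before anything
# is deleted. It changes nothing on the machine.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Stock values for the two Winlogon entries that rogue "AV" products commonly hijack
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{ Shell = 'explorer.exe'; Userinit = "$env:windir\system32\userinit.exe," }

$autoruns = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not a registry value
        [pscustomobject]@{ Where = $key; Name = $p.Name; Command = $p.Value }
    }
})
$wl = Get-ItemProperty -Path $winlogon
foreach ($name in $expected.Keys) {
    if ($wl.$name -ne $expected[$name]) {      # -ne is case-insensitive in PowerShell
        $autoruns += [pscustomobject]@{ Where = $winlogon; Name = "$name (MODIFIED)"; Command = $wl.$name }
    }
}

# Per-user and all-users Startup folders
$startupFiles = foreach ($f in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($f)
    if ($dir) { Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Name -ne 'desktop.ini' } }
}

# Executables dropped recently into the temp and application-data folders
$since    = (Get-Date).AddDays(-3)
$scanDirs = @($env:TEMP, "$env:windir\Temp",
    [Environment]::GetFolderPath('LocalApplicationData'),
    [Environment]::GetFolderPath('CommonApplicationData'))
$recentExe = Get-ChildItem -Path $scanDirs -Recurse -Depth 2 -Force -Include *.exe, *.dll, *.scr -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -gt $since }

"== Autorun entries (compare against the msconfig Startup tab) =="
$autoruns | Format-Table -AutoSize | Out-String
"== Startup folder contents =="
$startupFiles | Select-Object FullName, CreationTime | Format-Table -AutoSize | Out-String
"== Executables created in temp/app-data folders since $since =="
$recentExe | Sort-Object CreationTime -Descending |
    Select-Object FullName, CreationTime, Length | Format-Table -AutoSize | Out-String
```

Run it from safe mode before cleaning, save the output, and run it again afterwards; anything that reappears in the autorun list points at a persistence entry the cleanup missed.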


+1 with NoScript. My drive-by download virus prompted me to use NoScript in conjunction with AdBlocker. Great programs.
